Closed dependabot[bot] closed 1 month ago
Latest commit: 95cbc53a01b7592075ee7230acf918b6c7c5d120
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
ant-design-web3 | âś… Ready (Inspect) | Visit Preview | đź’¬ Add feedback | Oct 18, 2024 10:03am |
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|
đźš® Removed packages: npm/@umijs/fabric@4.0.1
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml
Bumps the npm_and_yarn group with 10 updates:
3.0.2
3.0.3
4.19.2
4.21.1
4.3.6
4.5.0
4.0.5
4.0.8
0.1.7
0.1.10
3.29.4
3.29.5
0.18.0
0.19.0
1.15.0
1.16.2
5.91.0
5.95.0
6.2.2
6.2.3
Updates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
express
from 4.19.2 to 4.21.1Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
8e229f9
4.21.1a024c8a
fix(deps): cookie@0.7.17e562c6
4.21.01bcde96
fix(deps): qs@6.13.0 (#5946)7d36477
fix(deps): serve-static@1.16.2 (#5951)40d2d8f
fix(deps): finalhandler@1.3.177ada90
Deprecate"back"
magic string in redirects (#5935)21df421
4.20.04c9ddc1
feat: upgrade to serve-static@0.16.09ebe5d5
feat: upgrade to send@0.19.0 (#5928)Updates
fast-xml-parser
from 4.3.6 to 4.5.0Changelog
Sourced from fast-xml-parser's changelog.
... (truncated)
Commits
7ed4606
update package detail98d8f47
feat #666: add selective ignoreAttributes by pattern or callback (#668)d40e29c
update package detail and browser bundlesd0bfe8a
fix maxlength for currency value2c14fcf
Update bug-report-or-unexpected-output.mdacf610f
fix #634: build attributes with oneListGroup and attributesGroupName (#653)931e910
fix: get oneListGroup to work as expected for array of strings (#662)b8e40c8
Update ISSUE_TEMPLATE.mda6265ba
chore: add trend image (#658)db1c548
redesign README.mdUpdates
micromatch
from 4.0.5 to 4.0.8Release notes
Sourced from micromatch's releases.
Changelog
Sourced from micromatch's changelog.
Commits
8bd704e
4.0.8a0e6841
run verb to generate README documentation4ec2884
Merge branch 'v4' into hauserkristof-feature/v4.0.803aa805
Merge pull request #266 from hauserkristof/feature/v4.0.8814f5f7
lint67fcce6
fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3
fix: CVE numbers in CHANGELOGd9dbd9a
feat: updated CHANGELOG2ab1315
fix: use actions/setup-node@v41406ea3
feat: rework test to work on macos with node 10,12 and 14Updates
path-to-regexp
from 0.1.7 to 0.1.10Release notes
Sourced from path-to-regexp's releases.
Commits
c827fce
0.1.1029b96b4
Add backtrack protection to parametersac4c234
Update repo url (#314)bdb6635
0.1.9c4272e4
Allow a non-lookahead regex (#312)51a1955
0.1.8114f62d
Add support for named matching groups (#301)Updates
rollup
from 3.29.4 to 3.29.5Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
dfd233d
3.29.52ef77c0
Fix DOM Clobbering CVEUpdates
send
from 0.18.0 to 0.19.0Release notes
Sourced from send's releases.
Changelog
Sourced from send's changelog.
Commits
9d2db99
0.19.0ae4f298
Merge commit from forkMaintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
Updates
serve-static
from 1.15.0 to 1.16.2Release notes
Sourced from serve-static's releases.
Changelog
Sourced from serve-static's changelog.
Commits
ec9c5ec
1.16.2f454d37
fix(deps): encodeurl@~2.0.077a8255
1.16.14263f49
fix(deps): send@0.19.048c7397
1.16.00c11fad
Merge commit from forkMaintainer changes
This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.
Updates
webpack
from 5.91.0 to 5.95.0Release notes
Sourced from webpack's releases.
... (truncated)
Commits
e20fd63
chore(release): 5.95.04866b0d
feat: added newoptimization.entryIife
optiond90f692
fix: merge duplicate chunks after split chunks90dec30
fix(externals): distinguish “module” and “import” in “module-import”c1a0a46
fix(externals): distinguish “module” and “import” in “module-import”14d8fa8
fix: all tests casesdae16ad
feat: pass output.hash* options to loader context75d185d
feat: passoutput.hash*
options to loader context46e0b9c
test: update8e62f9f
testUpdates
ws
from 6.2.2 to 6.2.3Release notes
Sourced from ws's releases.
Commits
d87f3b6
[dist] 6.2.3eeb76d3
[security] Fix crash when the Upgrade header cannot be read (#2231)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show